OPNSense behind ISP Modem; all traffic blocked

[malchir]

Hello all,

I have the following setup:

Internet -- ISP modem -- OPNSense -- l3 switch

ISP modem - OPNSense subnet : 192.168.178.0/24 (.1 <-> .252)
OPNSense -- L3 Switch 10.34.10.0/24
L3 Switch - 10.34.0.0/16 (several VLANs).

I've added FW rules to allow 10.34.0.0/16 (added routing and gateway too) to any but traffic gets blocked by "Default Rule". I've made it more specific by adding /24 subnet rules but traffic stays blocked. I've searched through OPNSense and PFSense posts but I cannot get a right answer why something pretty obvious gets blocked. Am I missing NAT rules (it's double NAT, yeah not perfect but it works)? I've disabled blocking RFC1918 en bogon networks.

At the moment I use an ASA 5505 and that works but as soon as I switch the default route to the OPNSense FW (on the L3 switch) the logs fill up with block spam.

I must be overlooking something but I do not see it at the moment.

With kind regards,

Marcel Tempelman.

 

[bartjsmit]

Are you allowing RFC 1918 on your WAN interface? Interfaces, WAN, make sure 'Block private networks' is unticked.

Bart...

[Maurice]

If you want OPNsense to perform NAT for subnets other than those of its LAN interfaces, you need to add manual outbound NAT rules.

[malchir]

Thx Maurice ! That was what fixed it. I was still using the automatic setting. Just added a NAT rule for my 10.34.0.0/16 subnet and it worked !

with kind regards,

Marcel Tempelman